I’m working on a project where we use P2P replication among a closed community of devices on a network. I’d like to implement mutual authentication when these devices perform P2P replication. The idea I have in mind is to issue each client a TLS cert out of band that is issued by my own private CA. The active peer would send a username and password to authenticate itself to the passive peer, while the active peer would authenticate the passive peer by validating that its TLS certificate was issued by our trusted CA.
Would this work, and does CB Lite 2.1 provide the hooks for me to implement such a scheme? Or is there a better way to accomplish this?